kind: Pod
apiVersion: v1
metadata:
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
    k8s-app: lb-keepalived
  name: lb-keepalived
  namespace: kube-system
spec:
  hostNetwork: true
  dnsPolicy: ClusterFirstWithHostNet
  priorityClassName: system-cluster-critical
  containers:
  - name: lb-keepalived
    image: {{ lb_keepalived_image }}
    env:
    - name: KEEPALIVED_VIRTUAL_IPS
      value: {{ kube_apiserver_ip | trim }}
    - name: KEEPALIVED_INTERFACE
      value: {{ lb_keepalived_interface.stdout }}
    - name: KEEPALIVED_UNICAST_PEERS
      value: "#PYTHON2BASH:[{{ lb_keepalived_unicast_peers }}]"
    - name: KEEPALIVED_PASSWORD
      value: {{ lb_keepalived_password }}
    - name: KEEPALIVED_STATE
      value: "{{ lb_keepalived_state }}"
    - name: KEEPALIVED_PRIORITY
      value: "{{ lb_keepalived_priority }}"
    - name: KEEPALIVED_ROUTER_ID
      value: "{{ lb_keepalived_router_id }}"
{% if lb_kube_apiserver_healthcheck_port is defined %}
    # 检测当前节点 lb 是否存活，若不存活则重启
    livenessProbe:
      periodSeconds: 3
      timeoutSeconds: 15
      failureThreshold: 5
      initialDelaySeconds: 10
      httpGet:
        host: 127.0.0.1
        path: /healthz
        port: {{ lb_kube_apiserver_healthcheck_port }}
{% endif %}
    resources: {}
    volumeMounts:
    - mountPath: /etc/localtime
      name: localtime
      readOnly: true
    securityContext:
      capabilities:
        add:
        - NET_RAW
        - NET_ADMIN
        - NET_BROADCAST
  volumes:
  - hostPath:
      path: /etc/localtime
      type: File
    name: localtime